Next: Control Requirements Up: Design Previous: Object Classes   Contents

Permissions


Table 22: Additional permissions for the socket object classes.

  PERMISSION(S)   DESCRIPTION
  bind            Bind name
  name_bind       Use port or file
  connect         Initiate connection
  getopt          Get socket options
  setopt          Set socket options
  shutdown        Shut down connection
  recvfrom        Receive from socket
  sendto          Send to socket
  recv_msg        Receive message
  send_msg        Send message


Since sockets are accessed through file descriptions, the socket object classes inherit the permissions defined for controlling access to the file object classes. Only the read, write, poll, ioctl, create, lock, getattr, setattr, relabelfrom, relabelto, and transition file permissions are meaningful for sockets.

Table 22 shows additional permissions that are specifically defined for controlling access to the socket object classes. The bind, connect, getopt, setopt, and shutdown permissions control the ability of processes to invoke various socket-specific system calls. For AF_INET sockets, the name_bind permission controls the relationship between a socket and its port number. For AF_UNIX sockets, the name_bind permission controls the relationship between a socket and its file. The recvfrom and sendto permissions control the relationship between the sending socket and the receiving socket for datagrams. The recv_msg and send_msg permissions control the relationship between a datagram message and the receiving or sending socket. These two permissions are implicitly granted if the message SID is equal to the sending socket SID.


Table 23: Additional permissions for the TCP and Unix stream socket object classes.

  PERMISSION(S)   DESCRIPTION
  listen          Listen for connections
  accept          Accept a connection
  newconn         Create new socket for connection
  connectto       Connect to server socket
  acceptfrom      Accept connection from client socket


The connection-oriented service provided by stream sockets requires several additional permissions, as shown in Table 23. The listen and accept permissions control the ability of processes to invoke the corresponding system calls. The newconn permission controls the relationship between the server socket created by a connection and the listening socket. This permission is implicitly granted if the sockets have the same SID. The connectto and acceptfrom permissions control the relationship between the client socket and the server socket.
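The datagram checks of Table 22 and the connection-establishment checks of Table 23, including the two implicit grants described above, as a toy reference-monitor model. This is an added example, not code from the SELinux report; the (source SID, target SID) orientation of each check, the class names udp_socket and tcp_socket, and the labels used in the comments are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Allow:
    ssid: str          # source SID (process or socket label)
    tsid: str          # target SID (socket, message or peer-socket label)
    tclass: str        # object class, e.g. "udp_socket" or "tcp_socket" (assumed names)
    perms: frozenset   # permissions granted by this rule


class SocketPolicy:
    def __init__(self, rules):
        self.rules = list(rules)

    def allowed(self, ssid, tsid, tclass, perm):
        return any(r.ssid == ssid and r.tsid == tsid and r.tclass == tclass
                   and perm in r.perms for r in self.rules)

    def _denied(self, checks, tclass, implicit):
        # Every check not covered by an implicit grant must be backed by a rule.
        return [perm for ssid, tsid, perm in checks
                if perm not in implicit and not self.allowed(ssid, tsid, tclass, perm)]

    def datagram_denials(self, proc, sock, msg, peer, tclass="udp_socket"):
        """Permissions denied for one datagram `msg` sent by `proc` from `sock` to `peer`."""
        # send_msg and recv_msg are implicitly granted when the message SID
        # equals the sending socket SID; the pairings below are assumed.
        implicit = {"send_msg", "recv_msg"} if msg == sock else set()
        checks = [(proc, sock, "write"),
                  (sock, msg, "send_msg"),
                  (sock, peer, "sendto"),
                  (peer, sock, "recvfrom"),
                  (peer, msg, "recv_msg")]
        return self._denied(checks, tclass, implicit)

    def stream_denials(self, client_proc, client_sock, server_proc,
                       listen_sock, new_sock, tclass="tcp_socket"):
        """Permissions denied for one connection from `client_sock` to `listen_sock`."""
        # newconn is implicitly granted when the listening socket and the new
        # server socket carry the same SID; the pairings below are assumed.
        implicit = {"newconn"} if listen_sock == new_sock else set()
        checks = [(server_proc, listen_sock, "listen"),
                  (client_proc, client_sock, "connect"),
                  (server_proc, listen_sock, "accept"),
                  (listen_sock, new_sock, "newconn"),
                  (client_sock, listen_sock, "connectto"),
                  (new_sock, client_sock, "acceptfrom")]
        return self._denied(checks, tclass, implicit)
```

Relabelling the message (or the new server socket) to a SID different from the sending (or listening) socket removes the implicit grant, so the policy must then name send_msg/recv_msg (or newconn) explicitly.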


Table 24: Permissions for the network interface object class.

  PERMISSION(S)   DESCRIPTION
  getattr         Get attributes
  setattr         Set attributes
  tcp_recv        Receive TCP packet
  tcp_send        Send TCP packet
  udp_recv        Receive UDP packet
  udp_send        Send UDP packet
  rawip_recv      Receive Raw IP packet
  rawip_send      Send Raw IP packet



Table 25: Permissions for the node object class.

  PERMISSION(S)   DESCRIPTION
  tcp_recv        Receive TCP packet
  tcp_send        Send TCP packet
  udp_recv        Receive UDP packet
  udp_send        Send UDP packet
  rawip_recv      Receive Raw IP packet
  rawip_send      Send Raw IP packet
  enforce_dest    Enforce destination socket


The set of permissions for the network interface object class is shown in Table 24. The setattr and getattr permissions control the ability of processes to manipulate the interface parameters. The remaining permissions control the relationship between a message and the network interface on which it is sent or received. Similar permissions are defined for the node object class, as shown in Table 25, to control the relationship between an inbound message and its source address and the relationship between an outbound message and its destination address. The enforce_dest permission for the node object class was defined to support the extended socket calls, as described in Section 8.1.4.


Table 26: Additional permissions for the system object class.

  PERMISSION(S)   DESCRIPTION
  route_control   Manipulate routing tables
  arp_control     Manipulate ARP table
  rarp_control    Manipulate RARP table
  net_io_control  Use device-specific ioctl


Table 26 shows permissions that were added to the system object class for the networking component. The route_control permission controls the ability of a process to manipulate the kernel IP routing table. The arp_control and rarp_control permissions control the ability of a process to manipulate the kernel ARP cache and RARP table, respectively. The net_io_control permission controls the ability of a process to invoke a device-specific ioctl on a network device.

